How Windows tech support scammers walked right into a trap set by the feds

Sometimes scammers are just as likely to fall for a good con as anyone else.

Three weeks ago, Jack Friedman got a call from a man with an Indian accent claiming to be from the Windows technical team at Microsoft. Friedman, a Florida resident who is my friend Elliot's grandfather, was told by "Nathan James" from Windows that he needed to renew his software protection license to keep his computer running smoothly. "He said I had a problem with my Microsoft system," Friedman told me. "He said they had a deal for $99, they would straighten out my computer and it will be like brand new."

Friedman's three-year-old Windows Vista computer was running a bit slow, as many PCs do. Friedman is often suspicious of unsolicited calls, but after talking with Nathan on the phone and exchanging e-mails, he says, "I figured he was a legitimate guy." Friedman handed over his Capital One credit card number, and the "technician" used remote PC support software to root around his computer for a while, supposedly fixing whatever was wrong with it.

"I could see my arrow going all over the place and clicking different things on my computer," Friedman said. But that $99 Capital One credit card charge turned into a $495 wire transfer. Then Bank of America's fraud department called Friedman, and said, "somebody is trying to get into your account." Whoever it was had entered the wrong password multiple times, and as a precaution Friedman's checking account was shut down.

Capital One restored his lost $495, but the hassles didn't end there. Because of the action Bank of America took, Friedman's checks started bouncing. He's had to change passwords on all his accounts, get new credit cards, and pay a real computer technician $75 to clean out all the junk installed by the scammer.

Friedman is one of thousands of people hoodwinked by this Windows tech support scam, which authorities say has bilked unwitting PC owners out of tens of millions of dollars. Friedman's story shows that the scam is alive and well even though the Federal Trade Commission shut down a bunch of the companies allegedly doing the scamming, as we reported in early October. The FTC filed six lawsuits against more than 30 defendants, a number of whom are in settlement talks with the FTC to end litigation.

Those lawsuits show that the Windows tech support scammers are often just as likely to fall for a good con as anyone else.

To catch a thief: One phone call is all it takes

FTC Chairman Jon Leibowitz at a Washington, DC press conference on the support scams. (Image: FTC)

The Windows tech support scammers all follow the same general script. There are nuances and differences, but the process of convincing people who answer the phone that their PCs are riddled with viruses never changes too much.

You might think that if you spent your whole day calling people on the phone to scam them, if your paycheck depended upon fooling the gullible, that you'd be pretty good at detecting a scam yourself. But ultimately, the people doing the scamming aren't likely to be the masterminds. They're just the work-a-day drones doing their employer's bidding—perfect targets for the undercover investigators at the FTC.

When the FTC announced its crackdown on the tech support scammers, the agency played a recorded undercover call but otherwise didn't spend much time talking about how they tracked the defendants down in the first place. Court documents the FTC subsequently sent our way show that it was rather easy. Or, more precisely, once the difficult groundwork of tracking down the scammers had been laid, the scammers walked right into the FTC’s trap, as gullible and helpless as the victims whose bank accounts they raided.

Declarations and transcripts FTC agents filed in US District Court in Southern New York show just how the operations went down. These documents were filed along with the initial complaints, but for whatever reason they did not make it onto the Public Access to Court Electronic Records (PACER) system.

“Did you just call me?”

In a typical Windows tech support scam, the scammer calls up a random person, informing them that their computer has been hijacked by viruses and that the scammer knows this because as a member of the Windows technical support team they can track any computer connected to the Internet. Next, the scammer directs the victim to look at the Windows Event Viewer, a standard part of the Windows operating system that displays mostly harmless error logs. From there, the scammer convinces the victim that these error logs are signs of serious infections and that they need to pay some cash to make the infections go away.

We previously regaled you with the tales of angry and creative citizens of the Internet who turned the tables on the scammers by performing elaborate trolls, and also of Ars editor Nate Anderson’s experience playing along with a scam call in order to document what happened.

But that requires waiting for one of the calls to come. What if it doesn’t? The FTC’s strategy of gathering evidence involved having trained agents go undercover as helpless consumers. No surprise there. But instead of waiting for a call, the FTC’s investigators called up the scammers themselves, using undercover identities not associated with the FTC.

"On or about February 14, 2012, when I dialed (888) 408-6651, a representative answered, ‘Thank you for calling tech support. My name is Victor. How may I help you?’ I said that I had received a call, the caller had said something about my computer and Microsoft, and that I wanted to know what this was about."

So begins one of the meaty parts of a declaration by FTC investigator Sheryl Novick, who conducted the stings along with FTC paralegal specialist Jennifer Rodden. Novick hadn't received any call—she just called one of the numbers that appeared in numerous consumer complaints. Novick's statement comes from a case against Zeal IT Solutions, but most of the stings went down the same way. Novick's declaration continues:

Victor said they were a tech support company, providing service mainly to Windows users. He told me the name of the company was "Support One Care" and later said they were located in the Eastern part of India. After taking my information, Victor explained that I got a call because they were doing a check-up call for the computer. He asked if my computer was facing any problems but I told him I wasn't sure. He said he was with the technical department and that he'd have to connect me with the registration department and they would call me back. He said I could view their website at ‘www.supportonecare.com’ to see the details of the services they provide.

We hung up because he said he would call me from his number to show me the computer's infections. But he called me back shortly after to tell me someone else would be calling me soon. I received a call back that same day from someone who identified himself as Robin Wilson from the computer technical department of Support One Care. He said they were calling me "because from the past two months, whenever the Windows user have been going online, at that point of time, some malicious infections are automatically getting downloaded... 90 percent of the Windows user have these malicious infections in their hard drive."

He said they were calling to make me aware of the infections.

And the trap was sprung. Although the scammers typically tried to hide their identities and locations by using voice over Internet protocols, they didn't do much else to protect themselves. Windows tech support cold callers have told some victims they have a massive database notifying them each time a computer connected to the Internet is infected. In reality, they're not so omniscient. They couldn't even verify (or just didn't bother to verify) whether they had previously called the number used by the undercover FTC agent. The scammers took the FTC agent's statements at face value and played along more than enough to get shut down and hauled into court.

Confidential settlements won't scare off scammers looking for easy money. The FTC needs to demand every cent they ever made and then some, then press criminal charges.

Honestly, the entire realm of con artists, scammers, and financial crime makes me consider that indentured servitude might still have a place in the toolkits of the judiciary. Mind you, it'll probably take a while to work off six figures or more at minimum wage, but them's the breaks.

I have thoroughly enjoyed this series of articles from ARS. Keep up the excellent work. This is the quality of journalism that I expect from this website, and what keeps me coming back. Thorough and well written.

Had a call from these guys just last week! Apparently my PC was infected and was reporting it to Microsoft so this 'tech support' dude wanted me to start clicking away so he could help me fix it. I gave him the run around pretending to click as he wanted me to...until in frustration he blurted out 'do you have a computer or not?'...to which I replied 'you tell me!' He then hung up.

He sounded like the same guy who calls and offers duct cleaning services. Every time I ask...do you suck or blow the ducts. I have yet to get an answer....or a duct job!

Or maybe it just seems quick to me, I hadn't encountered too many of these scam calls til the past 6 months or so, when it seems to have skyrocketed...

You actually answer calls from numbers you don't know?

So wise! I mean, there is not one possible reason that exists for someone to answer unknown or blocked calls. Literally no reason whatsoever for anyone on the planet with access to a phone to do such a thing. Ever.

"One curiosity is that Friedman, even after changing his password, is receiving spam e-mails with suspicious links from multiple people in his address book, even though those peoples' accounts were apparently not hacked."

It sounds like they stole his address book then did standard email spoofing.

Even if his computer is clean now, he has no way to stop the spoofing (other than spam blockers).

Or maybe it just seems quick to me, I hadn't encountered too many of these scam calls til the past 6 months or so, when it seems to have skyrocketed...

You actually answer calls from numbers you don't know?

So wise! I mean, there is not one possible reason that exists for someone to answer unknown or blocked calls. Literally no reason whatsoever for anyone on the planet with access to a phone to do such a thing. Ever.

My philosophy is if it's important they will leave a VM. I usually check the VM if one pops up after a call from a number I don't recognize. Sometimes if I'm sitting at a comp I can Google the number well before it stops ringing. I've regretted answering calls from unknown numbers infinitely more often than not.

"One curiosity is that Friedman, even after changing his password, is receiving spam e-mails with suspicious links from multiple people in his address book, even though those peoples' accounts were apparently not hacked."

It sounds like they stole his address book then did standard email spoofing.

Even if his computer is clean now, he has no way to stop the spoofing (other than spam blockers).

Yeah, that's what I think is most likely, too, I just didn't want to say that in the article when I don't know for sure.

Or maybe it just seems quick to me, I hadn't encountered too many of these scam calls til the past 6 months or so, when it seems to have skyrocketed...

You actually answer calls from numbers you don't know?

So wise! I mean, there is not one possible reason that exists for someone to answer unknown or blocked calls. Literally no reason whatsoever for anyone on the planet with access to a phone to do such a thing. Ever.

What if, and it's a stretch I know, but just imagine, a phone that doesn't (or can't) display the calling number. Would that be a reason for someone, somewhere on the planet ???

It just floors me that this is a civil case, not a criminal one. Even more so that the FTC is negotiating a financial settlement with these scammers. Where exactly do they think this settlement money will come from? These people make a living off scamming people. They will have to scam yet more people in order to settle this civil suit. This is utterly insane. I'm all for seeking financial restitution for the people who have been scammed, but these scumbags need to do hard time in prison. Right now, the FTC's actions are little more than an inconvenience. Any reason why the FTC didn't work with the FBI on this to make a criminal case of it? Or is that coming?

Seems like most people only get these calls from time to time... I've been getting 8-10 calls per day for the last week! I haven't been able to find anything online on what to do to stop this -- I've tried answering and asking to be taken off the list, I file complaints on donotreply.gov, and I've installed call blockers on my phone (to no avail since they change numbers so often). Most "advice" online is to try to take up the scammer's time, whether it be in some hilarious way or just leaving the phone on the hook and walking away. The problem is there's no telling if that'll get them to really stop calling.

I'm sure if you asked nicely you could find some people here who'd love for you to send the scammers their way for a nice game of download-the-virus-cache.

Someone I know had one of these calls recently. It was pretty obvious something was wrong when they claimed the computer had been infected and they had detected it several days ago. The computer had been out of the box less than 24 hours...

I think it would be fun to lead them on for about 5 min with some very short "yes", "no" responses. Then hit them with... "I'm sorry what is your name again?" "Well, Bob, my name is detective Lestrade of Clark County homicide. I need to ask you to stay on this phone line as you have called the home of a victim of a murder. How long have you known the victim? How did you get this number then? Random? I find that unlikely as the victim died less than an hour ago and you just happened to call. You are in very serious trouble. Now is Bob your real name? Do you understand you could face the death sentence as an accessory to murder. Ok, where are you? Alright, I need you to stay on this line while we notify Interpol to have your local police bring you in for interrogation. Thank you for your cooperation in this investigation."

Seems like most people only get these calls from time to time... I've been getting 8-10 calls per day for the last week! I haven't been able to find anything online on what to do to stop this -- I've tried answering and asking to be taken off the list, I file complaints on donotreply.gov, and I've installed call blockers on my phone (to no avail since they change numbers so often). Most "advice" online is to try to take up the scammer's time, whether it be in some hilarious way or just leaving the phone on the hook and walking away. The problem is there's no telling if that'll get them to really stop calling.

I got them to stop by telling them clearly that I knew they were a scam.

The guy insisted they weren't and I reiterated that I knew they were. He insisted again and I said "Look, I'll play along and pretend to do what you want for 20 minutes if you want, but I won't actually touch my computer. If you want me to waste 20 min. of your time I will, and I will do it every time you call." He hung up.

It's too bad you can't sign up to get these calls, I'd love to spend some time messing with these asshats.

On that note, the Internet could solve this much faster than the FTC or law enforcement. All we have to do is crowdsource this:

1. Establish a page for the posting of scammer numbers

2. Technically literate persons with free time call the numbers, "returning your call" just like the FTC

3. Suddenly they are wasting so much time it isn't profitable anymore.

I spent about 30 minutes stringing one of these calls along a couple months ago out of curiosity (I didn't know about the scam at the time). Figured the time sink would reduce their ROI and I was bored.

Got a call this week from a 212 number for the same. Which is an interesting advance in call masking, or they have on-shored the first point of contact.

The cost to taxpayers to prosecute these scammers is orders of magnitude higher than the cost of the scam itself. If they operate from India they are profitable with a few successful cons.

The economics of their "business model" guarantees that there will be hundreds, maybe thousands of companies trying to make an easy buck scamming gullible people. The ratio of gullible people versus scammers will dictate how big this market is.

A remedy would be if the scammers faced some serious risk; like being beaten up badly. However, the odds of this happening are virtually zero so we will continue to hear from these people for the foreseeable future.

Another possible remedy would be trusted commerce but this would imply a level of education and social transparency that would make a lot of folks uncomfortable. Maybe next century.

I've been following these cases on Ars for a few months now. Interestingly enough, my brother-in-law took one of these calls when we were visiting at Thanksgiving. It took me a minute to catch that it really was one of the scammer calls. My BiL definitely was suspicious himself, asking how they could know that his computer had a virus. That was my cue to start waving my arms and shaking my head. I'd like to think that he would have eventually caught on that it was a scam without me warning him, but I'm not sure. I'm just glad that I had read the Ars articles on this!

It's always great to read about this utter filth getting what's coming to them. I hate them with a passion of a thousand suns. It doesn't just affect the US either, at its worst in 2010 before I got an unlisted number we were getting between three and four calls a day from these <censored>.

It would either be "Windows Tech Support" (never Microsoft, always Windows), or "Australian Department of Travel" (or some such bollocks)... I reported them a dozen times and for people running a scam and pretending to be FROM THE FEDERAL GOVERNMENT I never heard anything back.

And being the resident tech guy in our family I was constantly dealing with family members ringing up for a while worried about these calls... one of my great aunts, a lovely old in her 80s, even gave them a credit card number... God... that was hell to get fixed.

I honestly think we should bring back public flogging to deal with people like this, screw jail time, it only ends up costing us money, a few dozen lashes in public ought to sort them out.

Edit: I also wish the Indian government would do something about this filth. It's really hurting their reputation, I know people who simply hang up the second they hear an Indian accent now...

I've operated that way for years. If the number shows as "UNKNOWN" I won't answer it at all. Caused a problem a few times since my wife's doc IS Indian.

A question or two for John Brodkin

1. Is the scamming that's going on illegal in India? It might not be.

2. If the caller ID shows a phone number in the US or the call comes out of a US phone number VOIP service, does that make the call a crime instead of a "bad business practice"? FTC really is only enforcing regulations not criminal laws by offering settlements.

How does the FTC prosecute these scammers if the scammers operate from India?

That's what I'm wondering too after reading the article.

FFabian wrote:

Makes me glad to live in a non-English speaking country.

I live in a non-English speaking country too, but that's not stopping the scammers from calling (four times in one week is the record). You'd expect their success rate to be lower because of the language, but apparently it's high enough to keep calling.

Seems like most people only get these calls from time to time... I've been getting 8-10 calls per day for the last week! I haven't been able to find anything online on what to do to stop this -- I've tried answering and asking to be taken off the list, I file complaints on donotreply.gov, and I've installed call blockers on my phone (to no avail since they change numbers so often). Most "advice" online is to try to take up the scammer's time, whether it be in some hilarious way or just leaving the phone on the hook and walking away. The problem is there's no telling if that'll get them to really stop calling.

Pfft, just learn phrases that imply that the caller copulates with his/her parents/siblings in the major languages of the region (English, Hindi/Urdu & Arabic), then put an airhorn up to the speaker and fire it off.